Contact

DataEndure | Managed Cybersecurity. It's about time.

Under Attack?
Home > Security Advisories > Security Advisory for the week ending November 3, 2023

Security Advisory for the week ending November 3, 2023

  • Cisco Releases Security Advisories for Multiple Products
  • Atlassian Releases Security Advisory for Confluence Data Center and Server
  • VMware Releases Advisory for VMware Tools Vulnerabilities
  • Apple Releases Security Updates for iOS and iPadOS
  • VMware Releases Security Advisory for vCenter Server
  • Mozilla Releases Security Advisories for Multiple Products
Cisco Releases Security Advisories for Multiple Products

Situation:
Cisco released security advisories for vulnerabilities affecting multiple Cisco products.

Problem:
Out of date systems pose a security risk. Staying up to date with the latest threats will better protect you from malicious actors.

Implication:
A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

Need:
We encourage users and administrators to review the following advisories and apply the necessary updates.

Additional Resources:

Cisco Releases Security Advisories for Multiple Products:
https://www.cisa.gov/news-events/alerts/2023/11/03/cisco-releases-security-advisories-multiple-products

Cisco Firepower Management Center Software Command Injection Vulnerability:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN

Cisco Identity Services Engine Command Injection Vulnerabilities:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw

Cisco Identity Services Engine Vulnerabilities:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-FceLP4xs

Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls Inspection Rules Denial of Service Vulnerability:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-intrusion-dos-DfT7wyGC

Cisco Firepower Threat Defense Software ICMPv6 with Snort 2 Denial of Service Vulnerability:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-icmpv6-dos-4eMkLuN

Cisco Firepower Threat Defense Software and Firepower Management Center Software Code Injection Vulnerability:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-fmc-code-inj-wSHrgz8L

Cisco Firepower Management Center Software Log API Denial of Service Vulnerability:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-logview-dos-AYJdeX55

Cisco Firepower Management Center Software Command Injection Vulnerabilities:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-dos-3GhZQBAS

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ICMPv6 Message Processing Denial of Service Vulnerability:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-icmpv6-t5TzqwNd

 
Atlassian Releases Security Advisory for Confluence Data Center and Server

Situation:
Atlassian Releases Security Advisory for Confluence Data Center and Server

Problem:
An exploit has been found in two products by Atlassian: Confluence Data Center and Server. Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker.

Implication:
As part of Atlassian’s ongoing monitoring of this CVE, they observed publicly posted critical information about the vulnerability which increases risk of exploitation. There are still no reports of an active exploit, though customers must take immediate action to protect their instances. If you already applied the patch, no further action is required.

Need:
We recommend that you patch each of your affected installations to one of the listed fixed versions (or the latest version) below.

7.19.16
8.3.4
8.4.4
8.5.3
8.6.1

Additional Resources:

Atlassian Releases Security Advisory for Confluence Data Center and Server:

https://www.cisa.gov/news-events/alerts/2023/11/02/atlassian-releases-security-advisory-confluence-data-center-and-server

CVE-2023-22518 – Improper Authorization Vulnerability In Confluence Data Center and Server:
https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-confluence-server-1311473907.html
VMware Releases Advisory for VMware Tools Vulnerabilities

Situation:
VMware released a security advisory addressing multiple vulnerabilities (CVE-2023-34057, CVE-2023-34058) in VMware Tools.

Problem:

Local privilege escalation vulnerability in VMware Tools (macOS) (CVE-2023-34057)

SAML Token Signature Bypass vulnerability in VMware Tools (CVE-2023-34058)

Implication:
CVE-2023-34057:

  • VMware Tools contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
  • A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.

CVE-2023-34058:

  • VMware Tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
  • A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.

Need:
We encourage users and administrators to review the VMware advisory VMSA-2023-0024 and apply the necessary updates.

Additional Resources:

VMware Releases Advisory for VMware Tools Vulnerabilities

https://www.cisa.gov/news-events/alerts/2023/10/30/vmware-releases-advisory-vmware-tools-vulnerabilities

VMSA-2023-0024
https://www.vmware.com/security/advisories/VMSA-2023-0024.html
Apple Releases Security Updates for iOS and iPadOS

Situation:
Apple Releases Security Updates for iOS and iPadOS (CVE-2023-42824, CVE-2023-42824)

Problem:
A vulnerability was found for the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

Implication:
A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6 (CVE-2023-42824)

A buffer overflow may result in arbitrary code execution (CVE-2023-42824)

Need:
An update was provided to the vulnerable devices.

Additional Resources:

Apple Releases Security Updates for iOS and iPadOS:

https://www.cisa.gov/news-events/alerts/2023/10/06/apple-releases-security-updates-ios-and-ipados

About the security content of iOS 17.0.3 and iPadOS 17.0.3:
https://support.apple.com/en-us/HT213961
VMware Releases Security Advisory for vCenter Server

Situation:
VMware released a security advisory for vulnerabilities (CVE-2023-34048, CVE-2023-34056)

Problem:

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8 (CVE-2023-34048).

vCenter Server contains a partial information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3 (CVE-2023-34056).

Implication:
A remote cyber actor could exploit one of these vulnerabilities to take control of an affected system (CVE-2023-34048).

A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data (CVE-2023-34056).

Need:
To remediate CVE-2023-34056 and CVE-2023-34048,  apply the updates.

Additional Resources:

VMware Releases Security Advisory for vCenter Server:

https://www.cisa.gov/news-events/alerts/2023/10/26/vmware-releases-security-advisory-vcenter-server

VMSA-2023-0023:
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
Mozilla Releases Security Advisories for Multiple Products

Situation:
Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

Problem:
There are vulnerabilities in the Mozilla products that involve spoofing the address bar, program crashes, malicious web extensions, bypassed download protections, safety bugs, and improper object tracking during the GC in the JavaScript.

Implication:
Threat actors can exploit these vulnerabilities to do malicious behavior that will compromise your systems. Without addressing these issues the patch fixes, will result in compromise of data for any user or company.

Need:
We encourage users and administrators to review the provided Mozilla advisory links below for more information and to apply the necessary updates.

Additional Resources:

Mozilla Releases Security Advisories for Multiple Products

Security Vulnerabilities fixed in Firefox for iOS 119

Security Vulnerabilities fixed in Thunderbird 115.4.1

Security Vulnerabilities fixed in Firefox ESR 115.4

Security Vulnerabilities fixed in Firefox 119
NEW BLOG:Seeing the Bigger Picture: Achieving Digital Resilience
+ +